You need to install the LEM agent software on whatever servers you wish to manage.
Afterwards, enable the FIM software and make sure it watches all the files/folders/shares you wish to monitor (Be aware this can cause a HUGE increase in events on the LEM and you may need to increase its power by a significant amount depending on the file amounts and how often they area accessed)
Then put in a rule that says something like this:
I would include the source domain so that the system account won't generate false positives.
The correlation time should be adjusted depending on the frequency that those files are touched normally.
Then just put in an email alert and you should be good.
If you need further help, let me know!